Jump to content
alfred

Browser Protection

Recommended Posts

Why go back to ASK toolbar they are evil even though it's not prechecked! It's not wroth being on the bad installers list that all the security community can see!

 

Very sad,

 

TH

Share this post


Link to post
Share on other sites

I think ASK cause lot less trouble than some tricker happy people who contribute to block lists :) But I think talk is about constructing own toolbar, not adding to ASK.

 

Hphost is not easily gamed though. A closed list used by Malwarebytes, Emsisoft, there could be more. If you can't understand why whatever is blocked it is either because you are not as paranoid as Hphost (very likely) or do not know details about why. Like why a whole server like a shared host is blocked while some sites might be 100% safe. From what I have seen he almost always has reason to block. WOT is another matter. If you plan to involve "community" like WOT are so eager to do then think it through. Must be aware of pros and cons because letting amateurs play security experts, make own definitions of what is "evil" or not, is not without problems that is for sure. WOT save their butt by strange logic (just complain if something is wrong, have a nice day!) and more importantly a brilliant plugin. But already getting technical, must set it up properly to avoid/limit FPs or whatever you call it. Does not take many to get negative reaction, also by "security community". Only the most crazy people will not mind FPs in the imaginary war against evil. How it is outside forums ;) So toolbar/button thingy must be close to foolproof instead of trying to clean up whole internet. Malwaredomainlist type of lists could be ok of course, hphosts type can be hmmm (if that one is questionable I really don't know!), whatever users want/like will not work. Takes tons of resources to maintain at least.

Share this post


Link to post
Share on other sites

Hi,

 

Toolbar or not? Some browsers do not accept some toolbars, so the toolbar idea I do not fully support! Sometimes toolbars are difficult to uninstall as well!

Popup notices? Pesonally I am not against warning popups from the tray icon, if the %-age transparancy can be personally selected! But many people think popups are dusturbing!

Link warnings? Well, link warnings work for some browsers, not for all!

 

Some kind of oneline warning should be given by Immunet, but what and how?

 

Tray icon twinkling, shaking, or turning bright red? Maybe?! What's up? Hovering the curser over the tray icon might give the warning message!?

Cheers,

sweidre

Share this post


Link to post
Share on other sites

The issue with ASK is the adware people behind it, not the toolbar itself. It is just as harmless as Google and Yahoo.

 

But i don`t think security companies should support these people.

Share this post


Link to post
Share on other sites

The issue with ASK is the adware people behind it, not the toolbar itself. It is just as harmless as Google and Yahoo.

 

But i don`t think security companies should support these people.

 

Hi,

Is the toolbar sponsoring Immunet or is it the other way around?

Immunet FREE needs development, for sure! To keep Immunet FREE, Immunet needs a suitable sponsor.

A suitable sponsor should not be allowed to dictate the development of Immunet.

If a suitable sponsor is not found out there, let Immunet FREE be changed into a shareware renamed to Immunet PRO.

The costs of development can be born by the fastly number of Immunet members (today = 457,000 members)!

The fastly increasing number of members means that Immunet PRO will not be expensive at all for the members!

(Note! Do not mix up Immunet PRO with Immunet PLUS)!

Cheers

sweidre

Share this post


Link to post
Share on other sites

Business models rules security business :) Well I would also prefer a paid "increased" web protection thingy. Possible to sell what appears to be a nothing more than a toolbar? I think so. Matter of pricing scheme and having some trust in peoples desire to support - and naturally having a good product. Trick is to make it so cheap that majority go "oh well, I won't notice" Many users does not necessarily mean many paying customers if things are done wrong. Logic must be it is better to sell 100 items for 8$ than 20 for 19.95$. There could be a "sponsored" free version and a truly generic/clean one. Sponsored could be inspired of Conduit toolbars http://www.conduit.com/Toolbar/Benefits.aspx Many options of marketing throug those.

 

Linkextend http://www.linkextend.com/ does a lot things. Some are useful and interesting. May be possible to increase value by adding not strictly security related stuff that most will feel increase their "productivity", add to coolness factor :) Not sure this is possible in all browser but in Firefox Linkextend type of toolbars can be split up in individual buttons and placed where ever, like Google Toolbar.

 

Conduit toolbars have some "notification" features, like you can message "community". What 100s of security blogs/companies already do through blogs, including Immunet. Typically they throw out warnings, like Facebook "Dislike" button trick http://www.sophos.com/blogs/gc/g/2010/08/16/facebook-dislike-button-scam-spreads-virally/ Something like that could be implemented so user had the option of getting updated on current tricks and scams.

Share this post


Link to post
Share on other sites

Business models rules security business :) Well I would also prefer a paid "increased" web protection thingy. Possible to sell what appears to be a nothing more than a toolbar? I think so. Matter of pricing scheme and having some trust in peoples desire to support - and naturally having a good product. Trick is to make it so cheap that majority go "oh well, I won't notice" Many users does not necessarily mean many paying customers if things are done wrong. Logic must be it is better to sell 100 items for 8$ than 20 for 19.95$. There could be a "sponsored" free version and a truly generic/clean one. Sponsored could be inspired of Conduit toolbars http://www.conduit.c...r/Benefits.aspx Many options of marketing throug those.

 

Linkextend http://www.linkextend.com/ does a lot things. Some are useful and interesting. May be possible to increase value by adding not strictly security related stuff that most will feel increase their "productivity", add to coolness factor :) Not sure this is possible in all browser but in Firefox Linkextend type of toolbars can be split up in individual buttons and placed where ever, like Google Toolbar.

 

Conduit toolbars have some "notification" features, like you can message "community". What 100s of security blogs/companies already do through blogs, including Immunet. Typically they throw out warnings, like Facebook "Dislike" button trick http://www.sophos.co...preads-virally/ Something like that could be implemented so user had the option of getting updated on current tricks and scams.

Hi Bambo,

Toolbars

The main problem with toolbars is that they do not work in all browsers. Google Chrome has no toolbars at all!

Linkextend

Linkextend works only in Gecko-based browsers: Firefox, Cometbird, Flock etc. (Personally I use Linkextend in my Cometbird browser). Linkextend is super, and maybe Immunet can be added among the virus scanners there?!

Conduit Toolbars

I think, this works only for IE and some other Trident-based browsers. I had it in my Avant browser, but it was gone when I updated Avant lately. Conduit has a lot of nice functions. Maybe Immunet can be listed among the online virus scanners there!?

Partnership & Sponsorship

Instead of being dependent on a sponsor, it should be better if another software producer could cooperate (not compete) with Immunet, both based upon the common "cloud"-idea! If no partner can be found, then Immunet should investigate, if there is a suitable sponsor, who can contribute to the development of Immunet FREE.

Shareware

By letting members pay a minor fee for the development of Immunet FREE into PRO is a good idea, provided that the members will take a part in the forum and influence upon the development!

FREE & PRO

I do not think, that FREE shall be alongside PRO, because FREE, PRO & PLUS is one too many, I think! I believe in PRO & PLUS only (both sharewares).

Cheers,

sweidre

Share this post


Link to post
Share on other sites

Yes I know of the limitations but Linkextend is a good example of a toolbar being more than a line of buttons taking up space. Remember many do not like Toolbars that much so flexibility should be high priority. The few who think every toolbar is "spyware" can't be helped :) Well, just adding a button to quickly toggle on/off can be important feature - unlike for example what Norton websafe lite does in IE.

 

There are tools to make own like this one http://www.besttoolbars.net/products/toolbar/ seems like Conduit without Conduit. No Chrome support though. Support of ie, firefox, chrome is probably minimum requirements.

 

Tricky area because some assciate toolbars with all things evil. Do a search for "conduit spyware" or something. If not prepared to waste too much time do it on http://forums.mozillazine.org/ ;) If such "feelings" are shared by more than a few not only will toolbar be avoided, everything connected with Immunet will suffer as well. Does not really matter there are no facts to back claims up and 99% of problems are due to misunderstandings of what the toolbar does/is. In Conduits case letting everyone make their own, insert affiliate links etc. You can make an evil toolbar, Conduit is just the friendly provider - and get a share of all activity... How it works, same can be said for many other internet activities. Times have changed a bit since Conduit ran into problems with part of Mozillazine, but important to be detailed about content of toolbar, including any relationship with sponsors or whatever. Lack of info feed paranoia and I do not think the last crazy toolbar-hater is dead yet :)

Share this post


Link to post
Share on other sites

Hi,

As Immunet should work regadless of web browser chosen, I do not think toolbar is a good idea!

But I think, Immunet software itself should give a warning, when you intend to visit a site known for distributing malwares!

If we have to skip the toolbar idea, the warning must be given from Immunet Tray icon in some way:

1. Tranparent popup message,

2. Message by hovering the cursor above the tray icon, or

3. ????

Cheers,

sweidre

Share this post


Link to post
Share on other sites

All use a browser so idea of buttons/toolbars is good. Those who actually have a real need for such protection will notice what is going on in browser, not so much in tray area. Anyway it depends on what content it has.

 

Prevx use a weird combo. Only 1 button with a drop down menu. Not integrated in browser, more like floating - also why placement can be screwy. But probably compatible with all browsers.

 

Prevx-SafeOnline.jpg

Share this post


Link to post
Share on other sites

All use a browser so idea of buttons/toolbars is good. Those who actually have a real need for such protection will notice what is going on in browser, not so much in tray area. Anyway it depends on what content it has.

 

Prevx use a weird combo. Only 1 button with a drop down menu. Not integrated in browser, more like floating - also why placement can be screwy. But probably compatible with all browsers.

 

Prevx-SafeOnline.jpg

Hi Bambo,

For Windows toolbars/buttons, there must be developed for all the major browsers used out there:

1. Toolbar extension for IE (other Trident-based browsers will then import it from IE)

2. Toolbar extension for Firefox (other Gecko-based browsers will then use the Firefox' extension)

3. Button extension for Google Chrome (by principle Chome will not have any toolbars at all)

4. Toolbar or button for Opera

Then toolbar/button must be developed for MAC! Safari?

The Toolbar/button alternative will need a lot of work and the browser producers must agree to the development!

In my mind, it will be more simple and cheaper, if Immunet develop warning system in its own software (eg. by using the tray icon: popups or curser hovering)

Cheers,

sweidre

Share this post


Link to post
Share on other sites

There are ways around Chrome problems if you ask Conduit http://apps.conduit.com/ or may be not but regardless of browser problems I think much value will come from flexibility. On/off toggle button kill many complaints - and they will come ;) And value. If you check out those Conduit toolbars you can see much is possible. Links, rss, scripts or direct messages even - all goes well with the Immunity community approach. You could argue that task of increasing know-how/awareness is more important than adding more protection. Pissing in the pants etc.

 

If goal is more than an informative thingy, see post 1 about blocking stuff, I also think joining forces with whoever is the way to go. Call it sponsor or whatever. One of the reasons I mentioned Linkextend. They take advantage of other existing services and make nice interface around them. Judging activity level from Linkextend dude, see Firefox add-on site, he seem like he wants some work :)

Share this post


Link to post
Share on other sites

I think ASK cause lot less trouble than some tricker happy people who contribute to block lists :) But I think talk is about constructing own toolbar, not adding to ASK.

 

Hphost is not easily gamed though. A closed list used by Malwarebytes, Emsisoft, there could be more. If you can't understand why whatever is blocked it is either because you are not as paranoid as Hphost (very likely) or do not know details about why. Like why a whole server like a shared host is blocked while some sites might be 100% safe. From what I have seen he almost always has reason to block. WOT is another matter. If you plan to involve "community" like WOT are so eager to do then think it through. Must be aware of pros and cons because letting amateurs play security experts, make own definitions of what is "evil" or not, is not without problems that is for sure. WOT save their butt by strange logic (just complain if something is wrong, have a nice day!) and more importantly a brilliant plugin. But already getting technical, must set it up properly to avoid/limit FPs or whatever you call it. Does not take many to get negative reaction, also by "security community". Only the most crazy people will not mind FPs in the imaginary war against evil. How it is outside forums ;) So toolbar/button thingy must be close to foolproof instead of trying to clean up whole internet. Malwaredomainlist type of lists could be ok of course, hphosts type can be hmmm (if that one is questionable I really don't know!), whatever users want/like will not work. Takes tons of resources to maintain at least.

 

This is an excellent thread. Bambo, you're right this is about toolbar creation but since we are on the topic, I'll give my two cents since I have some pretty strong opinions on the topic. I should note, that before we included ASK my opinions were much more subdued.

 

On Hphost

 

It's a valuable service but it is easily gamed as evidenced by the fact that they put us on their list for nothing more than having a perfectly legitimate toolbar in our install process. The list maintainer told us he added us on the recommendation of a user, blacklisted us and then when we contacted him he took the time to review the issue and removed us... That, bluntly put, is no where near enough diligence. If you are going to wield a stick as big as theirs you need to be more professional about it.

 

What makes it worse is that (some of) their downstream consumers set no TTL thresholds on the domains/URL pairs and you end up with sites indefinitely blacklisted until someone moves to dispute the case with each vendor. Hphosts should be ensuring (through contract) that consumers will honor TTL's. Hphosts should have the wherewithal to review sites post blacklisting. The average lifespan for a malware hosting site is remarkably short and they clearly are aware of this.

 

Also, to be crystal clear - the AV industry consumes their feed not because it's high quality but because it's free. Hopefully efforts like this become more professional because their impact, when wrong, is seriously detrimental. I sincerely hope that the trading network starting up at VT takes flight because the industry needs a more thoughtful approach to this.

 

I am going to post separately about ASK as I'd like to reply directly to TripleHelix on this one.

 

al

Share this post


Link to post
Share on other sites

Why go back to ASK toolbar they are evil even though it's not prechecked! It's not wroth being on the bad installers list that all the security community can see!

 

Very sad,

 

TH

 

Allow me a little levity here. Evil is genocide in Rawanda or ethnic cleansing in the Balkans - ASK Toolbar qualifies, at best, as software with a damaged reputation. The ASK debate caught us by surprise although clearly it should not have. The toolbar itself does *nothing* not seen in other mainstream toolbars like Google or Yahoo. In fact, ASK uses Google for their search results. The problem here is a misinformed, outdated set of beliefs that somehow ASK is dubious in it's intent. A packet sniffer, some curiosity and about 5 minutes of your time should put that to rest.

 

Currently we have the installation of the toolbar completely in the hands of the user. They have to opt in. Putting us on 'blacklists' as a result effectively says you feel you've the right to make that choice for the consumer. I cannot agree with that and frankly it smacks of bullying. On principle alone the toolbar will stay in until we've time to engineer our own. If someone can illustrate to me in non-emotive terms how it's a security risk I will remove it. I am sure ClamWin, Symantec, Webroot and others will follow suit shortly thereafter..

 

al

Share this post


Link to post
Share on other sites

I don't like to use additional tool bars myself. So if it where an unobtrusive security add-on for the browser that would get my vote.

 

I would personally tend to agree with you. We will be building a security toolbar which does surfing protection and will also allow a user securely filter search results. It has to have strong utility value.

 

al

Share this post


Link to post
Share on other sites

There are ways around Chrome problems if you ask Conduit http://apps.conduit.com/ or may be not but regardless of browser problems I think much value will come from flexibility. On/off toggle button kill many complaints - and they will come ;) And value. If you check out those Conduit toolbars you can see much is possible. Links, rss, scripts or direct messages even - all goes well with the Immunity community approach. You could argue that task of increasing know-how/awareness is more important than adding more protection. Pissing in the pants etc.

 

If goal is more than an informative thingy, see post 1 about blocking stuff, I also think joining forces with whoever is the way to go. Call it sponsor or whatever. One of the reasons I mentioned Linkextend. They take advantage of other existing services and make nice interface around them. Judging activity level from Linkextend dude, see Firefox add-on site, he seem like he wants some work :)

 

 

This has been an excellent read for my first thread back from my holidays. Right now our architecture and design work focuses on providing a client and cloud chassis that can provide reasonable cloud based IP/URL blocking. How we marry this up to a toolbar is still an open discussion. I do like Conduit, I think as Bambo points they seem to share some of our ideals around Community. We have been speaking to them as well, we'll see where it goes.

 

al

Share this post


Link to post
Share on other sites

Browsers already have "protection" or "protected modes" ...... site advisors/WOT etc are abused by people adding bad reviews for their own reasons so they are not accurate and can cause lag when the servers are loaded with queries. Making the reactive/proactive side of Immunet better than the competition would be a good way to go. KISS is a good principle, do one thing really well rather than several things that are average.

Share this post


Link to post
Share on other sites

Yes I do believe hphosts has blocked myspace.com as well. I guess also ask.com and many others "normal" people will not understand. Remember he is paranoid and proud of it - almost direct quote from his blog. But I don't think it is correct to use a word like "gamed" when it comes to hphost. WOT is open for gaming, in a way they encourage it. The more clicks the better at least. Guilty until proven innocent - or the other way around. Who can tell the difference? Well, I have seen him bend over 1 time but he kept the block in question on his own site, just removed it from one of the services/customers he is associated with. I know he also has a "let us see" period on I think several months when sites he used to block have improved. All this technical stuff is on his site somewhere. But he is definitely a hardcore blocker :)

 

Matter of finding a level where there is no room for debate when it comes to blocking. Good you find hphost less than great because then there should be little risk you end up blocking Adoboe.com because they feel a great need to complicate flash install with Mcafee or other crap. Or similar, tons to chose from. Why not take facebook.com down, repeating offender if there ever was one. Or all the sites, including security sites, offering Google Ads getting close to malware. Or those who forget to inform visitors of their affiliate deals. Or what about those who have not read Googles TOS of using Google Analytics? (which completely rules their every move of course) How come some download sites can be highly popular while they host crap blocked by WOT? There won't be many sites left once cleaning up is finished. Follow the money and interests with some sort of overview of what make up big internet, then reevaluate evilness of for example Ask.

Share this post


Link to post
Share on other sites

Yes I do believe hphosts has blocked myspace.com as well. I guess also ask.com and many others "normal" people will not understand. Remember he is paranoid and proud of it - almost direct quote from his blog. But I don't think it is correct to use a word like "gamed" when it comes to hphost. WOT is open for gaming, in a way they encourage it. The more clicks the better at least. Guilty until proven innocent - or the other way around. Who can tell the difference? Well, I have seen him bend over 1 time but he kept the block in question on his own site, just removed it from one of the services/customers he is associated with. I know he also has a "let us see" period on I think several months when sites he used to block have improved. All this technical stuff is on his site somewhere. But he is definitely a hardcore blocker :)

 

Matter of finding a level where there is no room for debate when it comes to blocking. Good you find hphost less than great because then there should be little risk you end up blocking Adoboe.com because they feel a great need to complicate flash install with Mcafee or other crap. Or similar, tons to chose from. Why not take facebook.com down, repeating offender if there ever was one. Or all the sites, including security sites, offering Google Ads getting close to malware. Or those who forget to inform visitors of their affiliate deals. Or what about those who have not read Googles TOS of using Google Analytics? (which completely rules their every move of course) How come some download sites can be highly popular while they host crap blocked by WOT? There won't be many sites left once cleaning up is finished. Follow the money and interests with some sort of overview of what make up big internet, then reevaluate evilness of for example Ask.

 

I'll leave it where it is, my opinion remains that we was intentionally mislead and fell for it. His lack of judgment impacted my business, I've little room for tolerance or empathy when this happens.

Share this post


Link to post
Share on other sites

Browsers already have "protection" or "protected modes" ...... site advisors/WOT etc are abused by people adding bad reviews for their own reasons so they are not accurate and can cause lag when the servers are loaded with queries. Making the reactive/proactive side of Immunet better than the competition would be a good way to go. KISS is a good principle, do one thing really well rather than several things that are average.

 

 

I agree with you on that and our service will reflect it. I do not think it will be terrifically different than anything you might expect, our goal is block malware laden sites by leveraging our current cloud infrastructure and Community model.

 

al

Share this post


Link to post
Share on other sites

I'll leave it where it is, my opinion remains that we was intentionally mislead and fell for it. His lack of judgment impacted my business, I've little room for tolerance or empathy when this happens.

 

Understandable but don't think he was mislead. If you start to debate pro vs. con when it comes to Ask.com type of services you will run in to a minority of "security community" who will defend their position as much as you do yours. How it is. There is no way you will ever meet their wishes. There are also those who think Google is pretty useful, through an unknown 3rd. party proxy to avoid "tracking". There is a lack of knowledge, experience, sense of reality among the most scared internet users :)

Share this post


Link to post
Share on other sites

Understandable but don't think he was mislead. If you start to debate pro vs. con when it comes to Ask.com type of services you will run in to a minority of "security community" who will defend their position as much as you do yours. How it is. There is no way you will ever meet their wishes. There are also those who think Google is pretty useful, through an unknown 3rd. party proxy to avoid "tracking". There is a lack of knowledge, experience, sense of reality among the most scared internet users :)

 

 

I would agree with that.

 

al

Share this post


Link to post
Share on other sites

I like it, but I don't favor this toolbar of sorts. It'll be a bit too redundant, don't you think, to add a toolbar/add-on/extension that does the same thing as all the others of the same class? If you are to pursue on this, may I suggest adding a few other options that would make it a valid contender to the rest? It might also cause some of these effects or redundancy:

 

1. WOT is abused. That much I can say.

2. Others slow down browsing (Finjan and AVG can have this effect)

3. If you'd like a combination, it's been done and people would probably like it better than a single scanner. (LinkExtend Safety Scanner and yes, I know, it's not marketability that counts. However, if you think about it, if hardly anyone uses it, what help had it given to the community?)

 

So...what innovative features are you planning to add? :huh:

 

-edit-

Having read most of the posts, I realize you are planning to add some new things. For the Safe Search, doensn't LinkExtend implement that? I like the exploit detection idea though. How about hidden objects detection which are often the medium of infection? I've also thought up of one more feature you might consider on adding and that is listing what it has found in the page that makes it a dangerous site.

For example, it would block a page and then list down reasons why the user should reconsider visiting the page. It may say:

1. It has been blacklisted by malwaredomain or other related services

2. scanner detects hidden frames (brief explanation)

3. scanner detects drive-by downloads

4. scanner detects possible phishing scams and tracking cookies

 

something like that. It informs people. That, in my opinion, is the best service one can give and is the best security measure there is.

Share this post


Link to post
Share on other sites

Well I gotta say I'd love it if you guys put the detail in the address bar itself.

For example http://www.spamratings.com/ provides an add-on to firefox users that, when downloaded, will place a tag in the address bar to warn you if a website is known for sending you spam.

 

Wot (http://www.mywot.com/)

Only places the waring in the browser's bar, I do not like this because it looks like any old button adding to the clutter of other buttons I have.

 

I feel that the address bar is the most fit and ideal location to place your warning.

 

For more details, picture of spamratings.com's tag is in the attachment of this message.

post-483-072246900 1288685584_thumb.jpg

  • Like 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...